Re: PF Problems

On Thu, Jul 16, 2009 at 09:32:55PM -0500, Steve Pribyl wrote:
> I am using NetBSD 4.0 with Carp and pf.
> The problem is pf works great for a while then starts to not work,
> slow, refuses pings, forwarding, etc in a random way.
>
> So, I need some suggestions on how to debug this or even if someone
> has seen or heard of this before.

Roughly how many hosts have you got on your network? Are you using
network address translation?

Just guessing: many many connections all holding state, state table becomes
full so no more new connections allowed through. Some connection finishes,
so now there is room for a new one, so "randomly" works again...

    pfctl -s all

Should show what is going on... My impression though is that defaults are
fine for hundreds of hosts, so check through your rules?

Cheers,
Patrick
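
One way to test the full-state-table guess from the reply above, as an added example that is not part of the original message: it reads `pfctl -s all` text and compares the current state count with the `states` hard limit. The function names, the 90% threshold and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the "state table is full" guess against pfctl output.
# Live use (as root on the firewall):  pfctl -s all | pf_state_usage

# Reads pfctl text on stdin and prints:
#   <current states> <state hard limit> <percent used> <memory drops> <verdict>
# NEAR-LIMIT when usage is >= 90% (threshold is an assumption of this example)
# or when the "memory" counter is non-zero, i.e. pf has already dropped
# packets because an allocation such as a new state entry failed.
pf_state_usage() {
    awk '
        $1 == "current" && $2 == "entries" && cur == "" { cur = $3 }
        $1 == "states" && $2 == "hard" && $3 == "limit"  { lim = $4 }
        $1 == "memory" && $2 ~ /^[0-9]+$/                { mem = $2 }
        END {
            if (cur == "" || lim == "" || lim + 0 == 0) {
                print "parse-error"
                exit 1
            }
            pct = int(cur * 100 / lim)
            verdict = (pct >= 90 || mem + 0 > 0) ? "NEAR-LIMIT" : "OK"
            printf "%d %d %d %d %s\n", cur, lim, pct, mem + 0, verdict
        }'
}

# Constructed sample of the INFO and LIMITS sections (not captured output).
sample_pfctl_output() {
    cat <<'EOF'
INFO:
Status: Enabled for 3 days 04:11:09           Debug: Urgent

State Table                          Total             Rate
  current entries                     9987
  searches                        91234567          332.5/s
  inserts                          1204512            4.4/s
  removals                         1194525            4.4/s
Counters
  match                            1310233            4.8/s
  memory                              4321            0.0/s

LIMITS:
states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000
EOF
}

sample_pfctl_output | pf_state_usage
```

Running it periodically while the firewall is misbehaving shows whether the outages line up with the state count sitting at the limit.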